From c827d6fa864e2c0b79cea640c45272e83703081e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= Date: Fri, 14 Feb 2020 08:14:31 +0100 Subject: [PATCH] irc: fix crash when receiving a malformed message 352 (who) Thanks to Stuart Nevans Locke for reporting the issue. --- ChangeLog.adoc | 1 + src/plugins/irc/irc-protocol.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog.adoc b/ChangeLog.adoc index d5be7e151..6767cb856 100644 --- a/ChangeLog.adoc +++ b/ChangeLog.adoc @@ -20,6 +20,7 @@ https://weechat.org/files/releasenotes/ReleaseNotes-devel.html[release notes] Bug fixes:: + * irc: fix crash when receiving a malformed message 352 (who) * irc: fix crash when a new message 005 is received with longer nick prefixes * irc: fix crash when receiving a malformed message 324 (channel mode) (CVE-2020-8955) diff --git a/src/plugins/irc/irc-protocol.c b/src/plugins/irc/irc-protocol.c index cf741c873..068ab5621 100644 --- a/src/plugins/irc/irc-protocol.c +++ b/src/plugins/irc/irc-protocol.c @@ -4689,7 +4689,7 @@ IRC_PROTOCOL_CALLBACK(352) if (argc > 8) { - arg_start = (strcmp (argv[8], "*") == 0) ? 9 : 8; + arg_start = ((argc > 9) && (strcmp (argv[8], "*") == 0)) ? 9 : 8; if (argv[arg_start][0] == ':') { pos_attr = NULL;